Good morning all,
I'm trying to create an IPSec VPN tunnel between an ATP200 and a Fritzbox 7590, without success.
Has anyone done this VPN configuration and can help me?

On the Fritzbox the error is:

Errore IKE 0x203D --> "phase 1 sa removed during negotiation"

The ATP debug log is attached as "TESTVPN_LOG.txt"

Thank you so much!

All Replies

  • zyman2008
    zyman2008 Posts: 147  Ally Member
    From the logs, it looks like the FRITZ!Box 7590 is configured as an IPSec VPN client, not Site-to-Site VPN.
    It sends a request with Aggressive mode/PSK/mode-config.

    So you can try to change the VPN connection rule on your ATP200 to enable mode-config settings,

  • Leandro85
    Leandro85 Posts: 5
    edited March 31
    Thank you for your reply :)
    I've tried your suggestion but without success.
    The firewall log is attached.

    Those are the ATP's configurations

    This is the Fritzbox VPN Configuration:

    Thanks a lot!!!
    Best regards
  • mMontana
    mMontana Posts: 642  Guru Member
    If you can consider professional support...
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,103  Zyxel Employee
    Hi @Leandro85
    You can try changing the VPN connection setting (Phase 2).
    > Configure as Remote Access (Server Role)
    > Configure local policy as "".
  • zyman2008
    zyman2008 Posts: 147  Ally Member
    Hi @Leandro85,
    According to the logs, the VPN Phase 1 process succeeds but Phase 2 fails because of a proposal mismatch.

    Then I searched Google to check which algorithms the Fritzbox supports.
    The help says "Perfect Forward Security (PFS) is not supported".

    You can remove the Perfect Forward Security (PFS) setting in VPN Connection rule on ATP and try again.
